<?php

class Core_Controller_Plugin_Acl extends Zend_Controller_Plugin_Abstract
{

    /**
     * Called before an action is dispatched by Zend_Controller_Dispatcher.
     *
     * This callback allows for proxy or filter behavior.  By altering the
     * request and resetting its dispatched flag (via
     * {@link Zend_Controller_Request_Abstract::setDispatched() setDispatched(false)}),
     * the current action may be skipped.
     *
     * @param  Zend_Controller_Request_Abstract $request
     * @return void
     */
    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        $oAuth = Zend_Auth::getInstance();
        $oAcl = $this->getAcl();

        // Default role
        $role = Application_Model_Usuario::ROLE_ALL;
        if ($oAuth->hasIdentity()) {
            $role = $oAuth->getIdentity()->role;
        }

        //$sModule     = $request->module;
        $sController = $request->controller;
        $sAction     = $request->action;
        //$sResource   = $sModule . '/' . $sController . '/' . $sAction;
        $sResource   = $sController . '/' . $sAction;

        if ($oAcl->has($sResource)) {
            if(!$oAcl->isAllowed(Application_Model_Usuario::ROLE_ALL, $sResource)) {
                // Access is not allowed
                if (!$oAcl->isAllowed($role, $sResource)) {
                    $flashMessenger = new Zend_Controller_Action_Helper_FlashMessenger();
                    $flashMessenger->addMessage('Acesso negado');
                    //$request->setModuleName('default');
                    $request->setControllerName('index');
                    $request->setActionName('index');
                }
            }
        } else {
            $flashMessenger = new Zend_Controller_Action_Helper_FlashMessenger();
            $flashMessenger->addMessage('Recurso não encontrado : ' . $sResource);

            $flashMessenger = new Zend_Controller_Action_Helper_FlashMessenger();
            $flashMessenger->addMessage('Acesso negado');
            //$request->setModuleName('default');
            $request->setControllerName('index');
            $request->setActionName('index');
        }
    }

    protected function getAcl() {
        $oAcl  = new Zend_Acl();

        // Perfis
        $oAcl->addRole(new Zend_Acl_Role(Application_Model_Usuario::ROLE_ALL));
        $oAcl->addRole(new Zend_Acl_Role(Application_Model_Usuario::ROLE_ADMIN),
                                         array(Application_Model_Usuario::ROLE_ALL));

        // Controllers e Actions
        $oAcl->add(new Zend_Acl_Resource('index/index'));
        $oAcl->add(new Zend_Acl_Resource('index/restrito'));

        $oAcl->add(new Zend_Acl_Resource('seguranca/index'));
        $oAcl->add(new Zend_Acl_Resource('seguranca/entrar'));
        $oAcl->add(new Zend_Acl_Resource('seguranca/sair'));

        $oAcl->add(new Zend_Acl_Resource('atendimento/index'));
        $oAcl->add(new Zend_Acl_Resource('atendimento/salvar'));
        $oAcl->add(new Zend_Acl_Resource('atendimento/salvar-assistido'));
        $oAcl->add(new Zend_Acl_Resource('atendimento/listar'));
        $oAcl->add(new Zend_Acl_Resource('atendimento/excluir'));

        $oAcl->add(new Zend_Acl_Resource('ajax/get-cidades-por-uf'));

        // Permissões
        $oAcl->allow(Application_Model_Usuario::ROLE_ALL, 'index/index');

        $oAcl->allow(Application_Model_Usuario::ROLE_ALL, 'seguranca/index');
        $oAcl->allow(Application_Model_Usuario::ROLE_ALL, 'seguranca/entrar');
        $oAcl->allow(Application_Model_Usuario::ROLE_ALL, 'seguranca/sair');

        $oAcl->allow(Application_Model_Usuario::ROLE_ADMIN);

        return $oAcl;
    }
}
